On 05/17/2012 05:07 AM, C.F. Yeung wrote:
I have added a new eap_new with the other cert in eap.conf and tried the unlang policy. But, it still goes to my existing eap/cert. MAC address and IP are masked by x.
+- entering group authorize {...} ++? if (Called-Station-Id == "xx-xx-xx-xx-xx-xx:eduroam") ? Evaluating (Called-Station-Id == "xx-xx-xx-xx-xx-xx:eduroam") -> TRUE ++? if (Called-Station-Id == "xx-xx-xx-xx-xx-xx:eduroam") -> TRUE ++- entering if (Called-Station-Id == "xx-xx-xx-xx-xx-xx:eduroam") {...} [eap_new] EAP packet type response id 5 length 253 [eap_new] Continuing tunnel setup. +++[eap_new] returns ok ++- if (Called-Station-Id == "xx-xx-xx-xx-xx-xx:eduroam") returns ok ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "testuser", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 5 length 253 [eap] Continuing tunnel setup.
You didn't do what I said. You're still running the "eap" module. You need: authorize { ... if ( ... ) { eap_new } else { eap } ... }
++[eap] returns ok Found Auth-Type = eap_new Found Auth-Type = EAP Warning: Found 2 auth-types on request for user 'testuser'
READ the debug output please!